Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-91477

Explicit entering of admin user credentials for new instances



      When creating a new instance, administrators need to know the "secret sauce" about the credentials for the new user, e.g. it's "test@maildomain", with the default password "test". And if someone configured a different administrator account in setup wizard when setting up the portal (e.g. "bruno.admin@liferay.com"),  the account is "bruno.admin@maildomain" - but only if "@liferay.com" happens to match the maildomain of the first instance, otherwise we're back at "test@maildomain".

      Not only does this utilize a hardcoded password (security worst-practice) that isn't forced to be changed on first login (another bad practice), it assumes that the same person, with the same way to construct mail accounts, exists on different instances.

      A very quick fix would be to list the credentials in the success message, but that's hidden in the bottom left corner of the screen, and goes away after a few seconds. Another quick fix would be to just add text to the "new instance" dialog that explicitly states the future names and the password on the new instance. But ideally, I'd like to see fields for the credentials (mail address and password, optionally names) being added right to this dialog.

      With any of the quickfixes: Whenever a password is set to "test", it should be forced to be changed upon first login. Can only be omitted when the password is given explicitly.


          Issue Links



              • Assignee:
                support-lep@liferay.com SE Support
                olaf.kock Olaf Kock
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created:


                  Version Package